Inclusion of Sensitive Information in Log Files in NetIQ Identity Manager - CVE-2017-7434
Published: January 12, 2023
Vulnerability identifier: #VU71128
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7434
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: OpenText
Affected software:
NetIQ Identity Manager
NetIQ Identity Manager
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the JDBC driver of NetIQ Identity Manager send out an incorrect XML configuration, which can result in passwords being logged into exception logfiles.
How to mitigate CVE-2017-7434
Install updates from vendor's website.